wwwroot/inc/eventz/reset_password.inc

   1 <?php
   2 function reset_password() {
   3     global $db,$error;
   4     $login = db_escape_string($_POST['login']);
   5     $login_type = db_escape_string($_POST['login_type']);
   6     $vercode = db_escape_string($_POST['vercode']);
   7     $password1 = db_escape_string($_POST['new_password1']);
   8     $password2 = db_escape_string($_POST['new_password2']);
   9
  10     if ($login == '') {
  11         $error="Please enter name or id";
  12         return false;
  13     }
  14
  15     if ($password1 == '' || $password2 == '') {
  16         $error="Please enter password";
  17         return false;
  18     }
  19
  20     if ($password1 != $password2) {
  21         $error = "The two passwords that you entered do not match.";
  22         return false;
  23     }
  24
  25     switch ($login_type) {
  26         case "name":
  27             $set=$db->query("select * from users where login='$login'");
  28             $set->next();
  29             $user_name=$set->getString('login');
  30             $user_id=$set->getString('user_id');
  31             $hash=$set->getString('hash');
  32         break;
  33         case "id":
  34             $set=$db->query("select * from users where user_id='$login'");
  35             $set->next();
  36             $user_name=$set->getString('login');
  37             $user_id=$set->getString('user_id');
  38             $hash=$set->getString('hash');
  39         break;
  40     }
  41
  42     if ($hash != $vercode) {
  43         $error="Bad verification code!";
  44         return false;
  45     }
  46
  47     // XXX fix
  48     $password = md5($password1);
  49     $q="update users set password='$password' where user_id='$user_id'";
  50     $db->query($q);
  51
  52 //    require(INCLUDE_DIR.'ldap.inc');
  53 //    LDAPuser::change_pass_forced($user_id,$password1);
  54
  55     $error="Password changed. Now you can login with your new password.";
  56     return false;
  57 }
  58 ?>